Security vulnerabilities question...
ltgenspecific
Member Posts: 96 ■■□□□□□□□□
Hey there everyone,
So I should start by saying that I have precisely no experience in the realm of security. However, I have been tasked with a group project for school and the member of my group responsible for the security / test phase of our proposed solution has bailed on the project.
This is really not that bad as I've got time to pick up the slack but I am a little unsure of where to start.
So perhaps you more experienced folks can throw a word or two of advice my way? Let me lay it out, short version...
1. We have to come up with a proposed network/systems solution for a 1-main/4-branch medical co-op.
2. Maximum 10 (2 Docs, 7 nurse, 1 admin) users per site, each site is VLAN-ed and has wired and wireless access.
3. There is a trunk connection and a backup connection at each site.
4. We're utilizing a cloud-based medical application solution called WebMD.
5. Each site is firewalled, redundantly.
6. Although we're not pros yet, let's assume our network/routing topology is correct and our systems (W2K8 R2, W7P) are correctly configured (DHCP, DNS, AD, etc.).
7. HIPAA is really important... obv.
SO... where should I start looking to research what my security vulnerabilities are going to be? I've already considered DDoS on the WebMD solution and a few others, but I am really an amateur when it comes to the deep stuff.
Thanks in advance for any advice or direction pointing that anyone might offer!! Time to hit the books!
Comments
dynamik Banned Posts: 12,312 ■■■■■■■■■□
RFC 2196 - Site Security Handbook (RFC2196) (specifically sections 3 and 4)
http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf (specifically section 3)
SANS: 20 Critical Security Controls